If I have given my bank details to someone by email what should I do now? [duplicate]












19















This question already has an answer here:




  • I gave a scammer my telephone number, address, and name. How bad is it?

    2 answers




I have given someone my bank account details including my home address and phone number by email, supposedly so that money can be transferred into my account.



I am now quite sure this is a scam.



What do I do next, i.e. how do I protect myself from this scammer?










share|improve this question















marked as duplicate by Pete B., JoeTaxpayer Dec 12 at 3:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 34




    Do your "bank account details" include your online banking password?
    – Philipp
    Dec 11 at 10:31






  • 6




    Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
    – Willem Van Onsem
    Dec 11 at 10:41






  • 8




    If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
    – Steve-O
    Dec 11 at 14:18






  • 5




    Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
    – SolutionMill
    Dec 11 at 17:05












  • Close the account and open another. But I don't think they can do something with your details.
    – i486
    Dec 11 at 20:42
















19















This question already has an answer here:




  • I gave a scammer my telephone number, address, and name. How bad is it?

    2 answers




I have given someone my bank account details including my home address and phone number by email, supposedly so that money can be transferred into my account.



I am now quite sure this is a scam.



What do I do next, i.e. how do I protect myself from this scammer?










share|improve this question















marked as duplicate by Pete B., JoeTaxpayer Dec 12 at 3:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 34




    Do your "bank account details" include your online banking password?
    – Philipp
    Dec 11 at 10:31






  • 6




    Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
    – Willem Van Onsem
    Dec 11 at 10:41






  • 8




    If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
    – Steve-O
    Dec 11 at 14:18






  • 5




    Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
    – SolutionMill
    Dec 11 at 17:05












  • Close the account and open another. But I don't think they can do something with your details.
    – i486
    Dec 11 at 20:42














19












19








19


1






This question already has an answer here:




  • I gave a scammer my telephone number, address, and name. How bad is it?

    2 answers




I have given someone my bank account details including my home address and phone number by email, supposedly so that money can be transferred into my account.



I am now quite sure this is a scam.



What do I do next, i.e. how do I protect myself from this scammer?










share|improve this question
















This question already has an answer here:




  • I gave a scammer my telephone number, address, and name. How bad is it?

    2 answers




I have given someone my bank account details including my home address and phone number by email, supposedly so that money can be transferred into my account.



I am now quite sure this is a scam.



What do I do next, i.e. how do I protect myself from this scammer?





This question already has an answer here:




  • I gave a scammer my telephone number, address, and name. How bad is it?

    2 answers








canada banking scams identity-theft






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 11 at 14:05









Ben Miller

76.5k19207274




76.5k19207274










asked Dec 11 at 10:15









Julianne bhana

9913




9913




marked as duplicate by Pete B., JoeTaxpayer Dec 12 at 3:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by Pete B., JoeTaxpayer Dec 12 at 3:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 34




    Do your "bank account details" include your online banking password?
    – Philipp
    Dec 11 at 10:31






  • 6




    Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
    – Willem Van Onsem
    Dec 11 at 10:41






  • 8




    If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
    – Steve-O
    Dec 11 at 14:18






  • 5




    Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
    – SolutionMill
    Dec 11 at 17:05












  • Close the account and open another. But I don't think they can do something with your details.
    – i486
    Dec 11 at 20:42














  • 34




    Do your "bank account details" include your online banking password?
    – Philipp
    Dec 11 at 10:31






  • 6




    Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
    – Willem Van Onsem
    Dec 11 at 10:41






  • 8




    If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
    – Steve-O
    Dec 11 at 14:18






  • 5




    Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
    – SolutionMill
    Dec 11 at 17:05












  • Close the account and open another. But I don't think they can do something with your details.
    – i486
    Dec 11 at 20:42








34




34




Do your "bank account details" include your online banking password?
– Philipp
Dec 11 at 10:31




Do your "bank account details" include your online banking password?
– Philipp
Dec 11 at 10:31




6




6




Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
– Willem Van Onsem
Dec 11 at 10:41




Did you provide a copy of your ID? Some criminals aim to get access by showing a (copy) of the ID to the bank.
– Willem Van Onsem
Dec 11 at 10:41




8




8




If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
– Steve-O
Dec 11 at 14:18




If money does show up in your account from a source you can't identify, don't touch it. Report it to the bank, let them figure it out.
– Steve-O
Dec 11 at 14:18




5




5




Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
– SolutionMill
Dec 11 at 17:05






Just by paying someone with a check you give a lot of bank account details out. Have you given more that could be found on the face of a check?
– SolutionMill
Dec 11 at 17:05














Close the account and open another. But I don't think they can do something with your details.
– i486
Dec 11 at 20:42




Close the account and open another. But I don't think they can do something with your details.
– i486
Dec 11 at 20:42










4 Answers
4






active

oldest

votes


















30














Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account.
Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge.
Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).



Keep an eye on your transactions and report any fraudulent transactions immediately.
Report the fraud to the police.



And most importantly, do not share any personal details to an unathorized person in future.
Be safe.






share|improve this answer



















  • 33




    Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
    – pboss3010
    Dec 11 at 13:32






  • 34




    @pboss3010: Ideally, you should make that an Answer! ;)
    – Daniel
    Dec 11 at 13:33






  • 2




    @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
    – Zibbobz
    Dec 11 at 17:16






  • 1




    "you might possibly have to change your phone number that you have linked" Why is that?
    – xiaomy
    Dec 11 at 20:27






  • 1




    @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
    – xiaomy
    Dec 11 at 23:15





















12














When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.



Tell your bank. Right now.



Call them on their customer support line. Don't wait for an opportunity to visit a branch.



Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.



The more proactive you are, the more likely you'll get your money back.



Then, do mop-up activities



Notify Google that the mail is a scam, Gmail provides a way to report that.



File a police report. They may not want to take your report unless the bad guy actually tried a transfer.



I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.






share|improve this answer





















  • What makes you think the scammer and/or OP is using GMail?
    – mastov
    Dec 14 at 10:41










  • @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
    – Harper
    Dec 14 at 16:30



















12














Report to your bank, close that compromised account and open a new account.
Change any password, create a new email account if you have to and never chat to the scammer.






share|improve this answer































    6















    What do I do next? how do I protect myself from this scammer?




    As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.



    If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.



    The kinds of problems to anticipate if they have your mobile phone number include:




    • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:

    • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.

    • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?


    In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.






    share|improve this answer





















    • If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
      – mastov
      Dec 14 at 10:47










    • @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
      – Eric Lippert
      Dec 14 at 15:31










    protected by Ganesh Sittampalam Dec 11 at 14:10



    Thank you for your interest in this question.
    Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



    Would you like to answer one of these unanswered questions instead?














    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    30














    Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account.
    Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge.
    Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).



    Keep an eye on your transactions and report any fraudulent transactions immediately.
    Report the fraud to the police.



    And most importantly, do not share any personal details to an unathorized person in future.
    Be safe.






    share|improve this answer



















    • 33




      Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
      – pboss3010
      Dec 11 at 13:32






    • 34




      @pboss3010: Ideally, you should make that an Answer! ;)
      – Daniel
      Dec 11 at 13:33






    • 2




      @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
      – Zibbobz
      Dec 11 at 17:16






    • 1




      "you might possibly have to change your phone number that you have linked" Why is that?
      – xiaomy
      Dec 11 at 20:27






    • 1




      @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
      – xiaomy
      Dec 11 at 23:15


















    30














    Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account.
    Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge.
    Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).



    Keep an eye on your transactions and report any fraudulent transactions immediately.
    Report the fraud to the police.



    And most importantly, do not share any personal details to an unathorized person in future.
    Be safe.






    share|improve this answer



















    • 33




      Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
      – pboss3010
      Dec 11 at 13:32






    • 34




      @pboss3010: Ideally, you should make that an Answer! ;)
      – Daniel
      Dec 11 at 13:33






    • 2




      @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
      – Zibbobz
      Dec 11 at 17:16






    • 1




      "you might possibly have to change your phone number that you have linked" Why is that?
      – xiaomy
      Dec 11 at 20:27






    • 1




      @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
      – xiaomy
      Dec 11 at 23:15
















    30












    30








    30






    Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account.
    Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge.
    Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).



    Keep an eye on your transactions and report any fraudulent transactions immediately.
    Report the fraud to the police.



    And most importantly, do not share any personal details to an unathorized person in future.
    Be safe.






    share|improve this answer














    Do not disclose any more information and change your passwords to the bank website. You might possibly have to change your phone number that you have linked to the bank account. This is important since you might be receiving One Time Passwords (OTPs) on the mobile number which can be used to gain access to your account.
    Personally, I think physical address is not doing much of a harm, but report this to your bank and let them know that you have done this so they can call you in case there is a large transaction that is happening without your knowledge.
    Ask them to get approval for any transactions above X amount (X being any amount in your currency that you deem large enough).



    Keep an eye on your transactions and report any fraudulent transactions immediately.
    Report the fraud to the police.



    And most importantly, do not share any personal details to an unathorized person in future.
    Be safe.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Dec 11 at 15:30

























    answered Dec 11 at 10:40









    Arpit

    36625




    36625








    • 33




      Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
      – pboss3010
      Dec 11 at 13:32






    • 34




      @pboss3010: Ideally, you should make that an Answer! ;)
      – Daniel
      Dec 11 at 13:33






    • 2




      @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
      – Zibbobz
      Dec 11 at 17:16






    • 1




      "you might possibly have to change your phone number that you have linked" Why is that?
      – xiaomy
      Dec 11 at 20:27






    • 1




      @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
      – xiaomy
      Dec 11 at 23:15
















    • 33




      Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
      – pboss3010
      Dec 11 at 13:32






    • 34




      @pboss3010: Ideally, you should make that an Answer! ;)
      – Daniel
      Dec 11 at 13:33






    • 2




      @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
      – Zibbobz
      Dec 11 at 17:16






    • 1




      "you might possibly have to change your phone number that you have linked" Why is that?
      – xiaomy
      Dec 11 at 20:27






    • 1




      @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
      – xiaomy
      Dec 11 at 23:15










    33




    33




    Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
    – pboss3010
    Dec 11 at 13:32




    Ideally, you should insist that your bank should open a new account for you, close the compromised account and you should change any auto-debit or direct deposits to the new account.
    – pboss3010
    Dec 11 at 13:32




    34




    34




    @pboss3010: Ideally, you should make that an Answer! ;)
    – Daniel
    Dec 11 at 13:33




    @pboss3010: Ideally, you should make that an Answer! ;)
    – Daniel
    Dec 11 at 13:33




    2




    2




    @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
    – Zibbobz
    Dec 11 at 17:16




    @pboss3010 Except Arpit's answer is only stating what he should do to remediate the situation in the immediate sense - your suggestion is much more effective at completely solving the problem, and is definitely worth a full answer. I know that I scrolled down to see if I could upvote it right now, and was disappointed that it was not there.
    – Zibbobz
    Dec 11 at 17:16




    1




    1




    "you might possibly have to change your phone number that you have linked" Why is that?
    – xiaomy
    Dec 11 at 20:27




    "you might possibly have to change your phone number that you have linked" Why is that?
    – xiaomy
    Dec 11 at 20:27




    1




    1




    @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
    – xiaomy
    Dec 11 at 23:15






    @mckenzm Is it really practical or even possible for a scammer to try to port your phone number without you knowing? Given how often data breaches happen, if that's true I fear I'd be changing phone numbers every week.
    – xiaomy
    Dec 11 at 23:15















    12














    When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.



    Tell your bank. Right now.



    Call them on their customer support line. Don't wait for an opportunity to visit a branch.



    Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.



    The more proactive you are, the more likely you'll get your money back.



    Then, do mop-up activities



    Notify Google that the mail is a scam, Gmail provides a way to report that.



    File a police report. They may not want to take your report unless the bad guy actually tried a transfer.



    I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.






    share|improve this answer





















    • What makes you think the scammer and/or OP is using GMail?
      – mastov
      Dec 14 at 10:41










    • @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
      – Harper
      Dec 14 at 16:30
















    12














    When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.



    Tell your bank. Right now.



    Call them on their customer support line. Don't wait for an opportunity to visit a branch.



    Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.



    The more proactive you are, the more likely you'll get your money back.



    Then, do mop-up activities



    Notify Google that the mail is a scam, Gmail provides a way to report that.



    File a police report. They may not want to take your report unless the bad guy actually tried a transfer.



    I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.






    share|improve this answer





















    • What makes you think the scammer and/or OP is using GMail?
      – mastov
      Dec 14 at 10:41










    • @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
      – Harper
      Dec 14 at 16:30














    12












    12








    12






    When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.



    Tell your bank. Right now.



    Call them on their customer support line. Don't wait for an opportunity to visit a branch.



    Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.



    The more proactive you are, the more likely you'll get your money back.



    Then, do mop-up activities



    Notify Google that the mail is a scam, Gmail provides a way to report that.



    File a police report. They may not want to take your report unless the bad guy actually tried a transfer.



    I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.






    share|improve this answer












    When you say "details" I don't know if that includes your username/password to online banking. If it does, first step is change that password, but you should do that while you're on the phone. Changing your password is not enough, you must also do the next step.



    Tell your bank. Right now.



    Call them on their customer support line. Don't wait for an opportunity to visit a branch.



    Because they can provide practical defenses about what is about to happen. Or, if it's already happened, time is of the essence in reversing it.



    The more proactive you are, the more likely you'll get your money back.



    Then, do mop-up activities



    Notify Google that the mail is a scam, Gmail provides a way to report that.



    File a police report. They may not want to take your report unless the bad guy actually tried a transfer.



    I am breaking these out into "mop-up" to emphasize that these are not as urgent, and don't do them first.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 11 at 16:53









    Harper

    19.7k32966




    19.7k32966












    • What makes you think the scammer and/or OP is using GMail?
      – mastov
      Dec 14 at 10:41










    • @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
      – Harper
      Dec 14 at 16:30


















    • What makes you think the scammer and/or OP is using GMail?
      – mastov
      Dec 14 at 10:41










    • @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
      – Harper
      Dec 14 at 16:30
















    What makes you think the scammer and/or OP is using GMail?
    – mastov
    Dec 14 at 10:41




    What makes you think the scammer and/or OP is using GMail?
    – mastov
    Dec 14 at 10:41












    @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
    – Harper
    Dec 14 at 16:30




    @mastov I don't. I do work professionally in anti-spam, though. Every email provider provides a way to report spam on their platform.
    – Harper
    Dec 14 at 16:30











    12














    Report to your bank, close that compromised account and open a new account.
    Change any password, create a new email account if you have to and never chat to the scammer.






    share|improve this answer




























      12














      Report to your bank, close that compromised account and open a new account.
      Change any password, create a new email account if you have to and never chat to the scammer.






      share|improve this answer


























        12












        12








        12






        Report to your bank, close that compromised account and open a new account.
        Change any password, create a new email account if you have to and never chat to the scammer.






        share|improve this answer














        Report to your bank, close that compromised account and open a new account.
        Change any password, create a new email account if you have to and never chat to the scammer.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 12 at 3:33









        kachan64

        31




        31










        answered Dec 11 at 14:01









        Mohd Danish

        1195




        1195























            6















            What do I do next? how do I protect myself from this scammer?




            As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.



            If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.



            The kinds of problems to anticipate if they have your mobile phone number include:




            • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:

            • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.

            • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?


            In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.






            share|improve this answer





















            • If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
              – mastov
              Dec 14 at 10:47










            • @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
              – Eric Lippert
              Dec 14 at 15:31
















            6















            What do I do next? how do I protect myself from this scammer?




            As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.



            If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.



            The kinds of problems to anticipate if they have your mobile phone number include:




            • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:

            • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.

            • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?


            In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.






            share|improve this answer





















            • If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
              – mastov
              Dec 14 at 10:47










            • @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
              – Eric Lippert
              Dec 14 at 15:31














            6












            6








            6







            What do I do next? how do I protect myself from this scammer?




            As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.



            If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.



            The kinds of problems to anticipate if they have your mobile phone number include:




            • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:

            • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.

            • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?


            In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.






            share|improve this answer













            What do I do next? how do I protect myself from this scammer?




            As others have noted, your first phone call is to your bank's fraud department to inform them of the situation. They deal with this every day and can advise.



            If you gave the scammers your mobile phone number then you have an additional problem to deal with. After you call the bank, call your mobile provider's fraud department. Make sure you get the fraud department; the front-line phone support people for mobile phone companies are frequently undertrained and incompetent when dealing with cases of fraud. A good friend of mine has been dealing with a mobile phone fraud recently, and the phone support people got it all wrong until she spoke to an expert in the fraud department.



            The kinds of problems to anticipate if they have your mobile phone number include:




            • They may execute a social engineering attack against your mobile phone provider to convince them that they are you, and that you've lost your phone, and get the company to replace it and charge your account. They get a new phone with your number, your phone gets deactivated, you pay for it, and then they use your phone number to commit more crimes. This is the situation my friend is in right now, and it is very upsetting. But it gets worse! The worse situation is:

            • If they manage to get control of your phone number via social engineering attack, or bribing a phone company insider, or whatever, and they also have your email address, then they can execute the following series of steps: first, they'll attempt to log in to your email, but they won't have your password. Suppose you have two factor authentication turned on. They'll start the password reset process on your email account, and now they have "your" phone to satisfy the two-factor authentication, and they can reset your password to a password of their choice. Now they have your password and your email address, so they'll then read your emails and figure out what other services you registered that email to, and they'll reset the passwords on all of those as well.

            • Then they'll look at your email contacts, your social networking friends, and so on, try to figure out which of them is the most gullible, and start further attacks against them. Got a grandparent? They'll get an email from you saying that you're in Paris and someone stole your wallet and grandma, can you send me $200 to this sketchy money company right away?


            In short: our lives are in our phones, and many services use possession of a phone as a proxy for authorization. If they have your phone number, talk to a fraud specialist immediately, because these attackers will likely be sophisticated and know what to do with the resources they've got.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Dec 11 at 17:59









            Eric Lippert

            2,7631015




            2,7631015












            • If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
              – mastov
              Dec 14 at 10:47










            • @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
              – Eric Lippert
              Dec 14 at 15:31


















            • If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
              – mastov
              Dec 14 at 10:47










            • @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
              – Eric Lippert
              Dec 14 at 15:31
















            If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
            – mastov
            Dec 14 at 10:47




            If it's really 2-factor-authentication then the phone is not enough to access the mail account - the phone is only ONE of the factors.
            – mastov
            Dec 14 at 10:47












            @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
            – Eric Lippert
            Dec 14 at 15:31




            @mastov: Indeed. Unfortunately, a lot of so-called "two factor" authentication systems are systems where one of the factors can be used to change the other. If logging in requires a password and a phone verification, but resetting your password only requires phone verification, then have you really got two factor authentication, or just the illusion of it? Also, plenty of people use two factor authentication where one of the authentications is very weak -- weak passwords, weak security questions, and so on.
            – Eric Lippert
            Dec 14 at 15:31





            protected by Ganesh Sittampalam Dec 11 at 14:10



            Thank you for your interest in this question.
            Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



            Would you like to answer one of these unanswered questions instead?



            Popular posts from this blog

            Probability when a professor distributes a quiz and homework assignment to a class of n students.

            Aardman Animations

            Are they similar matrix